LAN Routing Issue



Hi - I'm having a very basic routing issue for my LAN/br0. The unraid server can get out to the internet but it can't ping devices in other networks. What are some basic first steps I can take to troubleshoot this, since I've been unsuccessful in trying to solve this? I think it has to do with some config on unraid.

 

Note: I don't see any traffic/denies on the firewall either.

 

image.png.ce005b09cf25c97c634f2ace316f689f.png

 

Edited by surfshack66
Link to comment

@ken-ji

 

I've been reading multiple forum posts, including this

 

In this post, you say:

"With only a single NIC, and no VLAN support on your network, it is impossible for the host unRAID to talk to the containers and vice versa; the macvlan driver specifically prohibits this."

 

My question is how do I get the host unraid to talk to the containers and vice versa IF I have VLAN support on my network?

Link to comment

@surfshack66

Simple.

Configure docker networks on the VLANs you have defined. Do take note that the VLAN subinterfaces preferably should not have an IP address, as it will cause confusion with asymmetric routing on Unraid.

It will look like this:

image.thumb.png.ea4b8d9923807fd61ff5858ca29344ec.png

image.thumb.png.94eaf2c3c7d4b4fbc59d8f8416baec44.png

(Sorry but my only server has 2 network interfaces, but it should be identical)

Place the containers on the VLANs, while keeping Unraid on the unbridged main network eth0/br0/bond0.

So when container A (i.e. 192.168.95.129) in VLAN 3 talks to Unraid (192.168.2.5), it will always talk to the router (192.168.95.1) instead of trying to talk to Unraid directly (which the lack of IP prevents).

 

 

Link to comment

Sorry since you pulled me in the discussion. What exactly is your issue?

Unraid cannot ping the other subnets?

Try grabbing the output of traceroute -n <unpingable ip>

 

Also, I'm amazed you were allowed to define br0.100, as I'm fairly sure docker won't let you create networks to the same gateway.

Edited by ken-ji
Link to comment
2 hours ago, ken-ji said:

There's something wrong with your config.

Can you show the output of ip route

because from your screenshots it seems the default route is to 192.168.1.1 but br0 has an IP of 192.168.100.100, which is not in the same subnet as your gateway?

Which screenshot shows default route to 192.168.1.1? This is my LAN network. I just recently moved unraid to VL100 as a test to see if the issue persists.

VL100 = 192.168.100.1

 

image.png.0bda82848b4e69fe4c3248ecfc8171bf.png

 

Link to comment

You have two interfaces for the subnet 192.168.100.0/24 - br0 & br0.100

You can see in the routing table that there are two entries for 192.168.100.0/24; there should only be one unless you know what you are doing.

The default metric is 0, which makes br0.100 the default interface to use to talk to the gateway. But going to other subnets, the routing table indicates to use br0 to talk to the gateway.

 

I think you have asymmetric routing going on here - packets go out one interface and the response comes back on another.

 

You must delete the IP from br0.100 so it's not considered a possible route for packets for the 192.168.100.0/24 subnet.

The fact that all your interfaces have routes means you have IP addresses on all the VLANs, which I mentioned previously tends to be a confusing and messy config, particularly if you are trying to perform VLAN segregation. Additionally, if the docker networks were autocreated (they will be if the VLAN interfaces have IP addresses), they might need to be deleted when you remove the IP from the interface. (It's been a while since I configured this.)

 

Link to comment

Sorry about that. I said before to ignore br0.100 since I created that as a test. In any case, I cleaned up the test VL100.

 

Unraid is 192.168.1.2 in the LAN 192.168.1.0

 

image.png.44421ce9bbd88f469aab76a72f12475c.png

 

Unraid cannot ping containers in other networks.

 

image.png.508ebe2463bf14637e17337f6e013ff2.png

 

Also, I don't think I have IP addresses on all the VLANs. Is this screenshot what you mean by having IP addresses on the VLANs?

image.thumb.png.353c39a21325643eb1d12deb3b308f43.png

Link to comment

And that is the totally wrong script to be using, since you shouldn't be specifying local directly attached subnets, especially when the interface does not have an IP address.

When you assign an IP to an interface, the networking stack will automatically define a route to the subnet on that interface. You never define this route manually.

Link to comment
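
The two conditions described in the replies above (one subnet routed out of two interfaces, and on-link routes added by hand instead of by the kernel) can be checked from `ip route` output. This is an added example, not part of the thread: the function names `audit_routes` and `sample_table` are hypothetical, and the sample table is constructed from addresses mentioned in the posts.

```shell
#!/bin/sh
# Added example. Reads `ip route` text on stdin and reports:
#   DUPLICATE <prefix> <dev1> <dev2>  same subnet reachable via two interfaces
#   MANUAL <prefix> <dev>             on-link route not installed by the kernel
audit_routes() {
    awk '
    $1 == "default" { next }
    {
        prefix = $1; dev = ""; kernel = 0; via = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") via = 1
            if ($i == "proto" && $(i + 1) == "kernel") kernel = 1
        }
        if (dev == "") next            # blackhole/unreachable entries
        # A prefix already seen on another interface means replies may
        # leave on a different interface than the request arrived on.
        if ((prefix in seen) && seen[prefix] != dev)
            printf "DUPLICATE %s %s %s\n", prefix, seen[prefix], dev
        else
            seen[prefix] = dev
        # The kernel tags routes it creates for an addressed interface
        # with "proto kernel"; a device route without it was added by
        # a script or by hand.
        if (!kernel && !via)
            printf "MANUAL %s %s\n", prefix, dev
    }'
}

# Constructed sample table (not output captured from the poster's server).
sample_table() {
    cat <<'EOF'
default via 192.168.100.1 dev br0.100
default via 192.168.100.1 dev br0 metric 1
192.168.100.0/24 dev br0.100 proto kernel scope link src 192.168.100.101
192.168.100.0/24 dev br0 proto kernel scope link src 192.168.100.100 metric 1
192.168.80.0/24 dev br0.80 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
EOF
}

sample_table | audit_routes
```

On a live host, run `ip route | audit_routes`; no output means neither condition is present.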

I did that based on this recommendation.

 

 

Let's try that test you just mentioned.

image.png.77e603ae7150d8b015e06bbe46729684.png

 

I think you solved it!

 

A quick test from a container in br0.80 subnet

 

image.png.ccb313d6b5d6f9673ca87ce12239425a.png

 

I can't believe that script was the reason I was having issues. Thank you so much for helping. Does everything seem right now if I delete that script?

 

Link to comment
